Chris Truncer
@christruncer.bsky.social
Deputy Chief Red Team @ CISA && BJJ && Open Source Dev
There are other ways to setup your system for telemetry if you are looking to see what can avoid detection.
But if you want to test your latest hotness against prevention of code execution, definitely test it against WDAC.
Find something that gets around it? Now that’s useful.
But if you want to test your latest hotness against prevention of code execution, definitely test it against WDAC.
Find something that gets around it? Now that’s useful.
January 29, 2026 at 8:56 PM
There are other ways to setup your system for telemetry if you are looking to see what can avoid detection.
But if you want to test your latest hotness against prevention of code execution, definitely test it against WDAC.
Find something that gets around it? Now that’s useful.
But if you want to test your latest hotness against prevention of code execution, definitely test it against WDAC.
Find something that gets around it? Now that’s useful.
WDAC will block everything you don’t trust, even to the point you could theoretically end up boot looping your Windows box if you’re trying to load untrusted drivers, or drivers you didn’t actually allow that you need.
Ask me how I know….
Ask me how I know….
January 29, 2026 at 8:53 PM
WDAC will block everything you don’t trust, even to the point you could theoretically end up boot looping your Windows box if you’re trying to load untrusted drivers, or drivers you didn’t actually allow that you need.
Ask me how I know….
Ask me how I know….
Since a lot of talk I’m seeing lately is about good defenses, especially for initial access, I’ve been preaching the good news about WDAC (formerly my fav name of Device Guard) for a while.
I think a properly set up WDAC is the bar which to test access - youtu.be/sWjhuVsSEks?...
I think a properly set up WDAC is the bar which to test access - youtu.be/sWjhuVsSEks?...
SAINTCON 2018 - Chris Truncer - Introducing Effective Controls in your Environment with Windows Defe
Title: Introducing Effective Controls in your Environment with Windows Defender Application Control
Speaker: Chris Truncer
Conference: SAINTCON 2018
Location: Track 1
Date: 2018-09-26
Time: 10:00am…
youtu.be
January 29, 2026 at 8:46 PM
Since a lot of talk I’m seeing lately is about good defenses, especially for initial access, I’ve been preaching the good news about WDAC (formerly my fav name of Device Guard) for a while.
I think a properly set up WDAC is the bar which to test access - youtu.be/sWjhuVsSEks?...
I think a properly set up WDAC is the bar which to test access - youtu.be/sWjhuVsSEks?...
Loving the start of my day with an email from @ISC2 saying they are auditing submission that I uploaded (with a screenshot), for a total of 1 credit hour.
¯\_(ツ)_/¯
Enjoy
¯\_(ツ)_/¯
Enjoy
January 15, 2026 at 2:45 PM
Loving the start of my day with an email from @ISC2 saying they are auditing submission that I uploaded (with a screenshot), for a total of 1 credit hour.
¯\_(ツ)_/¯
Enjoy
¯\_(ツ)_/¯
Enjoy
Oh great, looks like a ton of data from a Wired breach just was published.
December 28, 2025 at 9:48 PM
Oh great, looks like a ton of data from a Wired breach just was published.
I’ve had zero clue there was even a heisman race this year
December 14, 2025 at 1:07 AM
I’ve had zero clue there was even a heisman race this year
I’ve not been at gyms before where they give stripes, so this is a first, typically just belts. But I’m now a one stripe brown belt in jiu jitsu. I plenty of rolls after.
And a good day
And a good day
December 7, 2025 at 2:49 AM
I’ve not been at gyms before where they give stripes, so this is a first, typically just belts. But I’m now a one stripe brown belt in jiu jitsu. I plenty of rolls after.
And a good day
And a good day
I assume a lot of people have been playing with it, but I love testing and using @tailscale. It’s been nice being able to set up a private network, and love the wireguard usage overall.
Anyone using it for anything niche or cool?
Anyone using it for anything niche or cool?
November 20, 2025 at 2:09 AM
I assume a lot of people have been playing with it, but I love testing and using @tailscale. It’s been nice being able to set up a private network, and love the wireguard usage overall.
Anyone using it for anything niche or cool?
Anyone using it for anything niche or cool?
Man, 3 rounds in and Schevchenko is dominating this fight so far.
November 16, 2025 at 4:47 AM
Man, 3 rounds in and Schevchenko is dominating this fight so far.
My kid just asked me if dishwashers were around when I was a kid.
What the f
What the f
November 13, 2025 at 2:22 AM
My kid just asked me if dishwashers were around when I was a kid.
What the f
What the f
Who in their right mind likes puffy Cheetos?
By far crunchy is way superior.
By far crunchy is way superior.
October 30, 2025 at 1:40 PM
Who in their right mind likes puffy Cheetos?
By far crunchy is way superior.
By far crunchy is way superior.
Getting to check out @BsidesCOS today, looking forward to it!
October 25, 2025 at 3:30 PM
Getting to check out @BsidesCOS today, looking forward to it!
Well FCA (Jeep, etc.) just sent notice they were breached and lost some data, names, addresses, etc.
Glad they had my data
Glad they had my data
October 2, 2025 at 7:24 PM
Well FCA (Jeep, etc.) just sent notice they were breached and lost some data, names, addresses, etc.
Glad they had my data
Glad they had my data
Just so everyone is aware, there’s 58 million pounds of corn dogs being recalled as we speak due to possible wood in the batter.
You know, minus the giant wood stick it is embedded on.
The more you know.
You know, minus the giant wood stick it is embedded on.
The more you know.
September 29, 2025 at 12:34 PM
Just so everyone is aware, there’s 58 million pounds of corn dogs being recalled as we speak due to possible wood in the batter.
You know, minus the giant wood stick it is embedded on.
The more you know.
You know, minus the giant wood stick it is embedded on.
The more you know.
Love seeing Clemson lose. I cannot stand Dabo Swinney.
What guy did the curse this year saying he would eat dog poop then didn’t?
What guy did the curse this year saying he would eat dog poop then didn’t?
September 20, 2025 at 10:44 PM
Love seeing Clemson lose. I cannot stand Dabo Swinney.
What guy did the curse this year saying he would eat dog poop then didn’t?
What guy did the curse this year saying he would eat dog poop then didn’t?
If you are running Spotify locally, and have something like LittleSnitch up, it sure is interesting to see how much tracking is going on with that app.
September 19, 2025 at 4:31 PM
If you are running Spotify locally, and have something like LittleSnitch up, it sure is interesting to see how much tracking is going on with that app.
This last weekend was an awesome time in the mountains eating great view, seeing some trolls, and haunted tours!
August 21, 2025 at 2:49 AM
This last weekend was an awesome time in the mountains eating great view, seeing some trolls, and haunted tours!
It was amazing to see Chimaev fight. That was so impressive. He deserved that win.
August 17, 2025 at 5:03 AM
It was amazing to see Chimaev fight. That was so impressive. He deserved that win.
About time for some Savannah Banana baseball!!
August 10, 2025 at 8:43 PM
About time for some Savannah Banana baseball!!
On another note, hope that everyone off in Vegas is having a great time and learning some cool stuff.
Enjoy seeing everyone, talks, and cons!
Enjoy seeing everyone, talks, and cons!
August 7, 2025 at 3:04 PM
On another note, hope that everyone off in Vegas is having a great time and learning some cool stuff.
Enjoy seeing everyone, talks, and cons!
Enjoy seeing everyone, talks, and cons!
Wow, this hits close to home (from reddit)
August 7, 2025 at 3:00 PM
Wow, this hits close to home (from reddit)
I admittedly and clearly know nothing about flying a plane, but everyone see the article about the plane emergency landing in Dulles? Took off, possible engine failure, called mayday then flew for TWO HOURS before it landed?!? I would have assumed it would land immediately?
August 4, 2025 at 4:12 PM
I admittedly and clearly know nothing about flying a plane, but everyone see the article about the plane emergency landing in Dulles? Took off, possible engine failure, called mayday then flew for TWO HOURS before it landed?!? I would have assumed it would land immediately?
Is there any sample go code that performs an authenticated query to an LDAP server that just does something basic, like requesting user accounts without hardcoding creds in, but using the current process’s context?
August 2, 2025 at 11:14 PM
Is there any sample go code that performs an authenticated query to an LDAP server that just does something basic, like requesting user accounts without hardcoding creds in, but using the current process’s context?
It’s just the prelims, and I don’t care for it. But hell yes, football is starting!
August 1, 2025 at 2:36 AM
It’s just the prelims, and I don’t care for it. But hell yes, football is starting!